top of page

Privacy Policy – January 2023

Protecting your personal information and privacy is very important to us.

This privacy policy explains how Discover Difference Psychology Clinic Ltd use any personal information collected about you when you visit our website and when you become a client. Dr Sophie Hughes, Clinical Director is registered with the ICO and she is the data controller. Please contact with any questions or requests about the personal information that we process.

Your rights are:

  • To be informed about what we do with your personal data

  • To rectification of any inaccurate data we process and to add to the information we hold about you if it is incomplete

  • To be forgotten and your personal data destroyed

  • To have a copy of all the personal information we process about you, upon request

  • To restrict the processing of your personal data

  • To object to the processing of data based on our legitimate interest


Information that we may collect

We collect information about you because you are a past, present or future client. The nature of our work with you and the information we collect, store, process and must have a lawful basis. The lawful basis for collecting, storing, processing and sharing your personal data relates to ‘legitimate interest’ and the ‘provision of health treatment’. You can find out more about the lawful basis for personal data collection on the ICO website ( Any personal information we hold about you is stored and processed in line with the Data Protection Act (DPA, 1998) and the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) adopted on 27th April 2016 and enforceable from 25th May 2018. We process the data because it is in our legitimate interests as a psychology clinic to do so. We need to view and analyse documents containing information to carry out an assessment. Another lawful reason for processing your data may be Legal Obligation. 

We collect information about you that may include personal or sensitive information, such as:

First name or given name

Family name or surname


Telephone numbers

Date of birth

Gender (or preferred identity).


Date of Birth.

Relationships & children



Telephone/SMS number

Email address

The nature of our work with you means that we will also need to gather, store and potentially share sensitive personal data about your psychological and physical wellbeing, mental health, relationships, life events, diagnoses, medical and other forms of treatment and forensic/criminal history. We gather this information as it is relevant for the purposes of our agreed work with you and to offer you the services you have sought from us. To make sure that you are assessed safely and appropriately, we record all contacts you have with Discover Psychology Psychology Clinic Ltd, such as appointments and the results of assessments and letters relating to involvement with us. We also collect information when you voluntarily complete contact forms on our website. We may collect personal data about you from third-parties connected with your care (for example, other health and social care providers), and only with your permission, we may also speak to other people such as family members, who you would like to be involved in the assessment in order to gather information essential to your assessment. We may also use search analytics providers to provide us with personal data about individual’s accessing our website.

We also process personal data pursuant to our legitimate interests in running this business such as:

Invoices and receipts

Accounts and tax returns

If you proceed with an assessment with us, we record information you share and the details of your appointments. This includes;

Medical conditions (historical and current)

Prescribed medication.

Psychological and social history and current difficulties.


Offences (including alleged offences)

Financial information, including bank account details (when you pay for our services)

How information is stored:

All personal information provided is stored in compliance with EU General Data Protection Regulations (GDPR) rules. We do not keep your data for longer than is necessary. Administrative data is retained for up to seven years, in the unlikely event there are queries from HMRC. Personal data is retained for seven years after our last contact, in compliance with professional indemnity and professional regulations. “Special category data” and personnel files held electronically are encrypted with restricted access.


Your shared information is kept confidential with Discover Difference Psychology Clinic Ltd. Where possible we will anonymise information so that individual clients cannot be identified. The exceptional and rare circumstances where we may need to share information is if we are concerned about significant harm happening to you (either by yourself or from someone else) as we may need to contact other services (e.g. GP, emergency services) in order to ensure your safety. In these rare cases, we will always aim to discuss this information sharing beforehand, unless there is a valid reason that we cannot. Another circumstance where we may need to share information is if we believe that there is intent to cause harm to another person/organisation (e.g. terrorism). This is because the law may require that we inform an authority without seeking your permission. In such a situation, the law may require that we share your personal information without your knowledge.

Finding out more 

Individuals can find out if we hold any personal information by making a ‘subject access request’ or ‘Right of Access’ under the Data Protection Act and the General Data Protection Regulation. Please contact to make a request. We will then supply to you:

A description of all data held about you

Inform you how it was obtained (if not supplied by you)

Inform you why, what purposes, we are holding it

What categories of personal data is concerned

Inform you who it could be disclosed to

Inform you of the retention periods of the data

Inform you around any automated decision making including profiling

In the event of incapacitation or death of the psychologist working with you, another allocated professional may be asked to access and manage information related to our work with you with a view to informing you of such an event, supporting you in the transition to another psychologist or service and ensuring continued safe storage and management of records. This psychologist also adheres to the GDPR principles and will only be shared if and when there is a legitimate need for them to access the information.

How to raise a concern 

If you are unhappy with any aspects of the way we collect, store, process and share the information about you, please contact the Data Protection Lead (Dr Sophie Hughes) at Discover Difference Psychology Clinic Ltd on so that Dr Hughes can answer any questions you have and try to resolve the issue. You also have the right to complain to the Information Commissioner’s Office (ICO) which is the United Kingdom (UK) supervisory authority for data protection issues. Please see: for further information, if required.


We value your feedback and we use Trustpilot to gather reviews of our service. If you would like to leave a review, please find us at Discover Difference Psychology Clinic Reviews | Be the first to review (

Thank you for taking the time to read this information.

bottom of page